Been Hacked, Hijacked, Vandalized, or Defaced?

We can help you get your website back!

Your website is your company's digital face. It is the first thing your clients and potential clients see.
Just like broken windows on your brick and mortar storefront will deter business and damage client confidence in your company,
a damaged, vandalized, or otherwise obviously hacked website will harm public perception of, and confidence in, your business.

We know this sort of thing can be very tough to deal with, often drawing out questions including,

We also recognize that in addition to typically not being prepared for this, most business owners simply don't have the time or experience to handle recovering from a hacked website on their own.

The good news is, you don't have to. We will handle everything for you while you focus on moving your business forward.

The Questions Most Everyone Asks

Why did this happen? and/or Who would do this to me?

First, and most importantly, it is highly unlikely that you or your business was singled out.
This means that this situation is almost assuredly not because of you personally or your business.
Unless you have a very specific reason to think this is because of something you did or something your business does, it probably isn't.

In most cases website hacking happens for fun, for challenge, or for profit.

Of these, it is our experience that there is a pretty even split between the "for fun and challenge" group and the "for profit" group.
While the for fun and challenge group is usually more noticeable, and usually what prompts people to reach out to us, due to the fact that these usually involve some form of defacing,
we almost always discover that the website was hacked by someone before the vandal.

You may be asking how this could possibly be fun. To the hacker it's fun because it's a challenge. How many things in your life have you done just to see if you could or just because you could?
It's the same thing here. The intrusion happens "to see if they can" and the vandalism happens "to prove they did".
It's pretty silly but that is the reality of the situation.

The idea that this is profitable is probably easier to understand but to shed a little light for those who are not in the know,
the more common profit based reasons we see are to send spam email, harvest data, and to slave a server as part of a bot net.

Sending spam is used for advertising products to sell, and for hacking and identity theft.

Harvesting data is used mostly for hacking, identity theft, and fraud.

Botnets are used for a lot of things but the most common are probably attacking other systems and covering a hacker's tracks.

Regardless of "Why this happened", we will help you set it right.
To get started on getting your website back, schedule your complimentary 30 minute consultation by filling out the contact information form below or call us at (657) 205-7377.

How did this happen?

There are several ways that you can lose control of your website to an attacker.
These include server/OS vulnerabilities, website vulnerabilities, and bad or compromised passwords.

Most websites are hosted on shared servers run by hosting companies HostGator, GoDaddy, A2, and ScholasticHost.
These companies manage your server and the supporting software and services for you, and most hosting companies employ technology and processes to help prevent successful hack attempts against the server and associated services.
Unless you are managing your hosting environment on your own, a compromised server is not likely.

Sometimes a website is compromised through logging in as a user with admin privileges.
In this case the attacker uses the admin account to add files to the website that enable the hacker to gain further access to the website's hosting environment.
This elevated access may even include shell or cPanel access.

The most common point of entry that we see is a vulnerability in the website itself.
This could be due to an unknown security issue, also known as a zero-day vulnerability, or to a known security issue that was not properly patched.
Of these two, unpatched known security vulnerabilities are the most common.
An example of this would be a WordPress website that has not been kept up to date.
Many updates to CMS's like WordPress include security patches that are necessary to keep your website and data safe.

However the intruder gained access to your website, we will help you clean it up and lock it down.
Please use the form below to schedule your complimentary 30 minute consultation or call us at (657) 205-7377 to get started on recovering your website.

How We Repair a Hacked Website

To be honest this usually a pretty involved process.
That said, here is an overview of our process.

Lock it down. The first thing we will do is lock your website down to prevent any further damage and to keep the attacker from hiding any tracks if possible.
Once we have your site locked down we will place it in maintenance mode so that any clients who go to your website will see that you are doing some maintenance to your website vs seeing your website defaced.

Search out bad code. Our next step is to search out any injected, bad, or altered code, and any files that don't belong.
We have developed several tools and techniques that aid us in this process and set us apart from our competitors.
Unless you know exactly what you are doing and what to look for, you should not attempt this on your own.
Since one missed file will undo all your efforts, this is one of those areas where you really need a professional that has handled hack repair.

Clean out the bad code and files. It's not enough to simply identify the bad code and files.
You have to remove them without causing further damage to your website or introducing new security issues.

Update all system admin user credentials. While this can be time consuming it is essential.
Even if the initial intrusion was not because of compromised credentials you can bet that the attacker spent some time trying to get your admin credentials.
The safest thing is to update all user credentials for users that have any level of admin access to the website or system.
You should also consider updating the login credentials for any website where you use the same password as the compromised website.

While the above was a lot of info, to be honest, we barely scratched the surface on most of what we actually do to recover our clients' websites to their pre-hacked state.
That said it should provide you a good starting point should you want to try to recover your site on your own.

If you do decide that you want help or that your time is simply better spent running and growing your business instead of dealing with everything that must be done to correctly and quickly recover your website, we're here to help.
You can reach us to schedule a complimentary 30 minute consultation to discuss your situation by filling out the contact information form below or by calling us at (657) 205-7377.

Post Hack Recovery

If you thought you were done just because you got your website cleaned up and back on line, think again.
You may have your site back to where it was but where it was, was vulnerable to attack.
Once we have completed the cleanup process we move on to hardening your website against future attacks.
Just like the cleanup process this process pretty involved but the info below will get you on the right track.

Update the website, its plug-ins and extensions, and the supporting server and software as necessary.
Once we are 100% sure we have the website completely clean, including the database and user credentials, we install every update that was previously missing.
This will ensure that the application and plug-ins installed on the website are completely current up to date to the most currently available version.
If, for example, your website is a WordPress website, this update would include the base CMS (WordPress), all installed themes (used or not), all plug-ins (used or not), and any bridged services or applications that have been integrated with your WordPress website.

Secure the website and the public html folder against future attacks.
Now that we have a fully updated website we will begin hardening the website against future attack.
In our experience this is the most overlooked part of the process.
For some reason people don't seem to realize that once their website has been found to be vulnerable they will continue to be attacked and tested going forward.
Statistically hackers know that if you have been hackable in the past you will likely be hackable again in the near future.
We are, after all, creatures of habit and it is usually bad habits that lead to websites not being updated and maintained properly.

Essentially we will install and properly configure all preventative measure that we deem prudent based on the type of website and the data it contains or could give access to.
When possible we also ensure proper configuration of the webserver your site is running on to remove or mitigate any potential vulnerabilities from that attack vector.

Set up a process to back the website's files and database up regularly.
Now that we've go everything where we want it, we institute a backup process to protect the website against future catastrophic loss by means that are out of our control.
What would you do if your hosting provider had a catastrophic failure and your website and/or database became irrecoverably corrupted?
I promise you that no amount of being mad at or yelling at your hosting provider will change the fact that you no longer have a website.
You are far better off to plan for that failure on your own so you can recover quickly and completely.

Set up a way to know at a glance if any source files are changed or added.
This is one of those above and beyond pieces that nearly no one does but that we have found to be invaluable.
There are a lot of different ways you can accomplish this.
Your specific setup and requirements will ultimately determine which method is best for you and your business.

Create a final off-server backup of the entire website including the database.
This one is pretty self-explanatory.
Back it up to protect all the time and money you just spent getting your site back.
With this backup in hand you will always know that no matter what else happens you can always reinstall your website from this point.

We gave you a lot of info above but if you have followed the process to this point you should have your website cleaned and back up, and hardened against future issues.

If during this process you hit a road block, or you decide that you want help or that your time is simply better spent running and growing your business instead of dealing with everything that must be done to correctly and quickly harden your website against future attacks, we're here to help.
As mentioned above, you can reach us anytime to schedule a complimentary 30 minute consultation to discuss your situation by filling out the contact information form below or by calling us at (657) 205-7377.

Just like you, we are experts at what we do and we are here to help you every step of the way.